The list of flaws includes type confusion, use-after-free, heap buffer overflow and other memory corruption bugs that could result in code execution, and a security bypass vulnerability.

The Reader and Acrobat issues came to Adobe by independent researchers and experts working for Clarified Security, Tencent, Source Incite, Fortinet, Cure53 and the Nanyang Technological University.

For Flash Player, version 24.0.0.194 patches 13 critical security holes that can lead to arbitrary code execution or information disclosure. Independent researcher Khalil Zhani and researchers from Microsoft, Google, Tencent, COSIG and Fortinet sent the vulnerabilities to Adobe.

Adobe said as of now there is no evidence attackers exploited any of the vulnerabilities.